DETAILED ACTION 

1. Claims 1-40 are presented for examination. 

2. The claims and only the claims form the metes and bounds of the invention. 
"Office personnel are to give claims their broadest reasonable interpretation in light of 
the supporting disclosure. In re Morris, 127 F.3d 1048, 1054-55, 44 USPQ2d 1023, 
1027-28 (Fed. Cir. 1997). Limitations appearing in the specification but not recited in 
the claim are not read into the claim. In re Prater, 415 F.2d 1393, 1404-05, 162 USPQ 
541, 550-551 (CCPA 1969)" (MPEP p 2100-8, c 2, I 45-48; p 2100-9, c 1, I 1-4). The 
Examiner has full latitude to interpret each claim in the broadest reasonable sense. The 
Examiner will reference prior art using terminology familiar to one of ordinary skill in the 
art. Such an approach is broad in concept and can be either explicit or implicit in 
meaning. 

Information Disclosure Statement 

3. The information disclosure statements (IDS) submitted on 13 February 2004 and 
29 March 2005 have been considered by the examiner. 

Claim Rejections - 35 USC § 102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 
5. Claims 1-2, 4-8, 10-12, 14-18, 20-22, 24-28, 30-32, 34-38 and 40 are rejected 
under 35 U.S.C. 102(b) as being anticipated by Network Working Group, Request 
for Comments 1948, "Defending against Sequence Number Attacks" by Bellovin. 

As to claims 1 and 21, Bellovin teaches: In a local server that receives data from 
one or more remote clients over a data transport protocol (Bellovin: Page 2, Lines 1-5; 
client talking to server using a TCP connection), a method/computer program product of 
generating an initial sequence number for use by a remote client when assigning 
sequence numbers to one or more data packets to be sent to the local server (Bellovin: 
Page 3, Lines 22-24), the initial sequence number generated in a manner that prevents 
the local server from being attacked while maintaining reliable data transfer (Bellovin: 
Page 4, Lines 1-3; Compute F in such a way that it cannot be guessed by discovering 
other initial sequence numbers), the method comprising the acts of: 

generating a random input key using arbitrary information maintained secret by 
the local server (Bellovin: Page 4, Lines 3-13; F value generated based on a per-host 
secret); 

receiving a connection identifier key that includes connection information for at 
least the remote client (Bellovin: Page 3, Lines 37-38; 4-tuple of <localhost, localport, 
remotehost, remoteport> used to compute F); 

securely initializing a hash function with at least a portion of the random input key 
and at least a portion of the connection identifier key for determining an intermediate 
value of an initial sequence number (Bellovin: Page 4, Lines 3-5; F is a hash of 
connection id and secret data); 
creating a monotonically increasing counter (Bellovin: Page 2, Lines 25-27, 
Counter M) for ensuring that a same connection identifier does not have data collisions 
from competing sequence numbers within a predetermined period of time (Bellovin: 
Page 3, Lines 23-25; prevent stale packets from being accepted by new incarnation of 
same connection), and for ensuring randomness of the initial sequence number on a 
per connection basis for preventing attacks on the local server (Bellovin: Page 2, Lines 
25-32, insufficient randomness leads to attacks); 

incrementing the counter a fixed value based on a passage of a predetermined 
time period (Bellovin: Page 2, Lines 26-30, M incremented either by 1 every 4 microseconds 
in one implementation or by a constant per second in another); 

incrementing the counter a variable amount depending upon a rate of 
connections with the local server, wherein if the rate of connections is beyond a 
threshold value the variable increment is based on an elapsed time, otherwise the 
variable increment is based on each connection established with the local server 
(Bellovin: Page 2, Lines 28-30; under Berkeley implementation, the counter is 
implemented by a constant for every connection. The threshold value for Berkeley 
would be when the rate of the number of connections cannot increase due to system 
considerations, at that point the counter would be applied on an elapsed time, i.e., how 
long it takes to establish a connection, rather than on a per connection basis); and 

combining the intermediate value, the fixed value and the variable amount for 
generating the initial sequence number (Bellovin: Page 3-4; ISN computed using M + F 
(localhost, localport, remotehost, remoteport), where M = fixed + variable from above 
and F is the intermediate value from the 4-tuple as calculated above). 

As to claims 11 and 31, Bellovin teaches: In a local server that receives data 
from one or more remote clients over a data transport protocol (Bellovin: Page 2, Lines 
1-5; client talking to server using a TCP connection), a method/computer program 
product of generating an initial sequence number for use by a remote client when 
assigning sequence numbers to one or more data packets to be sent to the local server 
(Bellovin: Page 3, Lines 22-24), the initial sequence number generated in a manner that 
prevents the local server from being attacked while maintaining reliable data transfer 
(Bellovin: Page 4, Lines 1-3; Compute F in such a way that it cannot be guessed by 
discovering other initial sequence numbers), the method comprising the acts of: 

determining an intermediate value of an initial sequence number by hashing a 
random input key and a connection identifier key, which includes connection information 
for at least the remote client, the random input key being generated using arbitrary 
information maintained secret by the local server (Bellovin: Page 4, Lines 3-5; F is a 
hash of connection id and secret data from server); 

ensuring that a same connection identifier does not have data collisions from 
competing sequence numbers within a predetermined period of time (Bellovin: Page 3, 
Lines 23-25; prevent stale packets from being accepted by new incarnation of same 
connection), and ensuring randomness of the initial sequence number on a per 
connection basis for preventing attacks on the local server by monotonically 
incrementing a counter both a fixed value based on a passage of a predetermined time 
period and a variable amount depending upon a rate of connections with the local 
server (Bellovin: Page 3, Lines 25-32; one constant per time interval and a second per 
connection), wherein if the rate of connections is beyond a threshold value the variable 
increment is based on an elapsed time, otherwise the variable increment is based on 
each connection established with the local server (Bellovin: Page 2, Lines 28-30; under 
Berkeley implementation, the counter is implemented by a constant for every 
connection. The threshold value for Berkeley would be when the rate of the number of 
connections cannot increase due to system considerations, at that point the counter 
would be applied on an elapsed time, i.e., how long it takes to establish a connection, 
rather than on a per connection basis); and 

generating the initial sequence number by combining the intermediate value, the 
fixed value and the variable amount. (Bellovin: Page 3-4; ISN computed using M + F 
(localhost, localport, remotehost, remoteport), where M = fixed + variable from above 
and F is the intermediate value from the 4-tuple as calculated above). 
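The claim mappings for claims 1 and 21 and for claims 11 and 31 above both describe the same construction from RFC 1948: an intermediate value F computed as a keyed hash of the connection 4-tuple and a per-host secret, a counter M made of a fixed time-based part and a variable connection-rate-based part, and ISN = M + F. The following Python is an added example written for this page; it is not code from the Office action, from the applicant, or from RFC 1948. It assumes SHA-256 truncated to 32 bits as the hash (RFC 1948 itself suggests MD5), and the per-connection step, the connection-rate threshold and the one-second rate window are constructed values, since the page gives none. The point it shows is the defensive property: an observer who collects one ISN learns the counter's progression for that 4-tuple only, and learns nothing about the F value of any other 4-tuple without the secret.

```python
import hashlib
import os

# Constructed constants for this example; the page only says M advances by 1 every
# 4 microseconds (or by a per-second constant) and by a constant per connection.
TIMER_TICK_US = 4                  # one tick of the fixed counter per 4 microseconds
PER_CONNECTION_STEP = 64_000       # Berkeley-style constant added per new connection (assumed)
MASK32 = 0xFFFFFFFF                # TCP sequence numbers are 32-bit


class IsnGenerator:
    """ISN = M + F(localhost, localport, remotehost, remoteport), in the style of RFC 1948.

    M = fixed (time-based) value + variable (connection-rate-based) amount.
    F = hash of the connection 4-tuple and a per-host secret, truncated to 32 bits.
    """

    def __init__(self, secret=None, boot_time_us=0, rate_threshold=1_000):
        # The secret never leaves the server; drawing a fresh one at boot makes the
        # boot time part of the arbitrary information behind F.
        self.secret = secret if secret is not None else os.urandom(16)
        self.boot_time_us = boot_time_us
        self.rate_threshold = rate_threshold   # connections per second (assumed value)
        self.recent_connections = []           # timestamps (us) within the trailing second
        self.variable = 0                      # running variable part of M

    def intermediate_value(self, local_host, local_port, remote_host, remote_port):
        """F: keyed hash of the 4-tuple. Without the secret, one ISN says nothing about another."""
        conn_id = f"{local_host}:{local_port}|{remote_host}:{remote_port}".encode()
        digest = hashlib.sha256(self.secret + conn_id).digest()  # SHA-256 assumed here
        return int.from_bytes(digest[:4], "big")

    def fixed_value(self, now_us):
        """Fixed part of M: ticks since boot, so a reused 4-tuple cannot collide with stale segments."""
        return (now_us - self.boot_time_us) // TIMER_TICK_US

    def connection_rate(self, now_us):
        """Number of connections seen in the trailing one-second window."""
        window_start = now_us - 1_000_000
        self.recent_connections = [t for t in self.recent_connections if t > window_start]
        return len(self.recent_connections)

    def variable_amount(self, now_us):
        """Variable part of M: a per-connection constant below the rate threshold, an
        elapsed-time increment above it, so a connection burst cannot exhaust the number space."""
        rate = self.connection_rate(now_us)
        self.recent_connections.append(now_us)
        if rate >= self.rate_threshold:
            previous = self.recent_connections[-2] if len(self.recent_connections) > 1 else now_us
            self.variable += max(1, (now_us - previous) // TIMER_TICK_US)
        else:
            self.variable += PER_CONNECTION_STEP
        return self.variable

    def next_isn(self, local_host, local_port, remote_host, remote_port, now_us):
        """Combine intermediate value, fixed value and variable amount by addition modulo 2**32."""
        f = self.intermediate_value(local_host, local_port, remote_host, remote_port)
        m = (self.fixed_value(now_us) + self.variable_amount(now_us)) & MASK32
        return (m + f) & MASK32


if __name__ == "__main__":
    gen = IsnGenerator()
    # Two constructed clients connecting to the same server port at the same instant:
    # M is identical, F differs, so the two ISNs are unrelated to an observer.
    a = gen.next_isn("192.0.2.10", 80, "198.51.100.5", 40001, now_us=4_000)
    b = gen.next_isn("192.0.2.10", 80, "203.0.113.9", 40002, now_us=4_000)
    print(f"client A ISN: {a:#010x}")
    print(f"client B ISN: {b:#010x}")
```

Because F is fixed for a given 4-tuple and secret, successive ISNs for the same 4-tuple differ exactly by the change in M; that is the monotonic progression the counter provides against stale segments, while F keeps the absolute value unpredictable across 4-tuples.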

As to claims 2, 12, 22 and 32, Bellovin further teaches wherein if the rate of 
connections is below the threshold value, the fixed value is further incremented based 
on each connection established with the local server (Bellovin: Page 2, Lines 25-32). 

As to claims 4, 14, 24 and 34, Bellovin further teaches wherein the connection 
identifier key further includes connection information for one or more of the local server 
port, local server routing address, remote port and remote routing address (Bellovin: 
Page 3, Lines 37-38; 4-tuple of <localhost, localport, remotehost, remoteport> used to 
compute F). 
As to claims 5, 15, 25 and 35, Bellovin further teaches wherein the data 
transport protocol is Transmission Control Protocol (Bellovin: Page 2, Lines 1-3), and 
wherein the local and remote routing addresses are Internet Protocol addresses 
(Bellovin: Page 4, Lines 9, 16). 

As to claims 6, 16, 26 and 36, Bellovin further teaches wherein at least a second 
connection is made between the local server and a second remote client (Bellovin: 
Page 3, Lines 35-42), and wherein the method further including the acts of: 

receiving a second connection identifier key that includes connection information 
for at least the second remote client (Bellovin: Page 3, Lines 35-42); 

securely initializing the hash function with at least a portion of the random input 
key and at least a portion of the second connection identifier key for determining a 
second intermediate value of a second initial sequence number (Bellovin: Page 4, Lines 
3-5; F is a hash of connection id and secret data); 

based on at least a portion of the second connection identifier key (Bellovin: 
Page 3, Lines 35-42, each 4-tuple gets its own number space), creating a second 
monotonically increasing counter (Bellovin: Page 2, Lines 25-27, Counter M) for 
ensuring that a same connection identifier does not have data collisions from competing 
sequence numbers within a predetermined period of time (Bellovin: Page 3, Lines 23- 
25; prevent stale packets from being accepted by new incarnation of same connection), 
and for ensuring randomness of the initial sequence number on a per connection basis 
for preventing attacks on the local server (Bellovin: Page 2, Lines 25-32, insufficient 
randomness leads to attacks); 
incrementing the second counter the fixed value based on the passage of the 
predetermined time period (Bellovin: Page 2, Lines 26-30, M incremented either by 1 every 
4 microseconds in one implementation or by a constant per second in another); 

incrementing the second counter a second variable amount depending upon a 
rate of connections with the local server and for those connections associated with the 
second counter, wherein if the rate of connections with the local server and for those 
connections associated with the second counter is beyond a threshold value the 
variable increment is based on an elapsed time, otherwise the variable increment is 
based on each connection established with the local server and associated with the 
second counter (Bellovin: Page 2, Lines 28-30; under Berkeley implementation, the 
counter is implemented by a constant for every connection. The threshold value for 
Berkeley would be when the rate of the number of connections cannot increase due to 
system considerations, at that point the counter would be applied on an elapsed time, 
i.e., how long it takes to establish a connection, rather than on a per connection basis); 
and 

combining the second intermediate value, the fixed value and the second 
variable amount for generating the second initial sequence number (Bellovin: Page 3-4; 
ISN computed using M + F(localhost, localport, remotehost, remoteport), where M = 
fixed + variable from above and F is the intermediate value from the 4-tuple as 
calculated above). 

As to claims 7, 17, 27 and 37, Bellovin further teaches wherein the arbitrary 
information maintained as a secret by the local server is based on timing, state 
conditions for the local server, or both, at boot up time of the local server, which include 
one or more of a time of day, a day of month, a month, a year, a local server hard drive 
head position, and whether input was detected by hardware of the local server (Bellovin: 
Page 4, Lines 7-9; Boot time of the machine used in secret data, which necessarily 
includes at least one of the time of day, month or year if not all). 

As to claims 8, 18, 28 and 38, Bellovin further teaches wherein the combining of 
the intermediate value, the fixed value and the variable amount is a mathematical 
operation or function (Bellovin: Page 3, Line 50 ISN = M + F (addition)). 

As to claims 10, 20, 30 and 40, Bellovin further teaches wherein the 
monotonically increasing counter is shared by at least two connections at the same time 
(Bellovin: Page 2, Lines 28-30, counter used by all connections to server, as each new 
connection increments it). 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 
USPQ 459 (1966), that are applied for establishing a background for determining 
obviousness under 35 U.S.C. 103(a) are summarized as follows: 

1. Determining the scope and contents of the prior art. 
2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating 
obviousness or nonobviousness. 

8. Claims 3 and 33 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Network Working Group, Request for Comments 1948, "Defending against 
Sequence Number Attacks" by Bellovin in view of U.S. Patent Application 
Publication No. 2002/0187788 to McKay. 

As to claims 3 and 33, Bellovin discloses all recited limitations of claims 1 and 
31 from which claims 3 and 33 depend respectively. 

Bellovin does not expressly disclose wherein based on the fixed value, if a 
remote client's data transfer rate while connected to the local server is less than a 
specified byte rate then the connection identifier used by the remote client is allowed 
immediate re-connection to the local server after the remote client disconnects. 

McKay discloses wherein based on the fixed value, if a remote client's data 
transfer rate while connected to the local server is less than a specified byte rate then 
the connection identifier used by the remote client is allowed immediate re- 
connection to the local server after the remote client disconnects (McKay: Fig 6; Page 1, 
Sec 7 and Page 3-4, Sec 27-33; when service degrades below an acceptable level 
and the user is disconnected, the connection is re-established). 

Bellovin and McKay are analogous art because they are from the art of networks. 

At the time of invention, it would have been obvious to a person of ordinary skill 
in the art to allow connections without the possibility of collision the ability to reconnect. 
The rationale would have been to reduce network disruptions (McKay: Page 1, Sec 2). 

9. Claims 9, 19, 29 and 39 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Network Working Group, Request for Comments 1948, 
"Defending against Sequence Number Attacks" by Bellovin in view of U.S. Patent 
Application Publication No. 2002/0083175 to Afek et al. 

As to claims 9, 19, 29 and 33, Bellovin discloses all recited limitations of claims 
1, 11, 20 and 30 from which claims 9, 19, 29 and 39 depend respectively. Bellovin 
additionally discloses wherein if the rate of connections is beyond the threshold value 
the variable increments up to an amount of 0x000022FB every millisecond (Bellovin: 
Page 2, Lines 26-30), 

Bellovin does not expressly disclose otherwise the variable increment is an 
amount between 16 K and 32 K. 

Afek discloses otherwise the variable increment is an amount between 16 K and 
32 K (Afek, Fig 4B). 

Bellovin and McKay are analogous art because they are from the art of networks. 

At the time of invention, it would have been obvious to use variable increments 
depending on threshold values. The rationale would have been that it is obvious to 
combine these known elements to yield the predictable result of the instant application. 
Bellovin and Afek in combination contained all of the elements required for claims 9, 19, 
29 and 39, however, the difference being that neither Bellovin nor Afek combined said 
elements. One of ordinary skill in the art could have combined the elements present in 
Bellovin and Afek with the knowledge that in combination, said elements would have 
performed the same functions that they did separately. Furthermore, one of ordinary 
skill in the art would have recognized that the results of the combination were 
predictable. In fact, for one of ordinary skill in the art of software systems development, 
there would have been a reliance on the fact that the results of the combination would 
be predictable. 

10. Claims 13 and 23 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Network Working Group, Request for Comments 1948, "Defending against 
Sequence Number Attacks" by Bellovin in view of U.S. Patent Application 
Publication No. 2002/0187788 to McKay and U.S. Patent No. 3,728,535 to Dickman 
et al. 

As to claims 13 and 23, Bellovin discloses all recited limitations of claims 11 and 
21 from which claims 13 and 23 depend respectively. 

Bellovin does not expressly disclose wherein the fixed value is 25.6 K (Dickman: Col 7, 
Line 8), and wherein if a remote client's data transfer rate while connected to the local 
server is less than 256 K then the connection identifier used by the remote client is 
allowed immediate re-connection to the local server after the remote client disconnects 
(McKay: Fig 6; Page 1, Sec 7 and Page 3-4, Sec 27-33). 

Dickman discloses wherein the fixed value is 25.6 K (Dickman: Col 7, Line 8). 

McKay discloses wherein if a remote client's data transfer rate while connected to 
the local server is less than 256 K then the connection identifier used by the remote 
client is allowed immediate re-connection to the local server after the remote client 
disconnects (McKay: Fig 6; Page 1, Sec 7 and Page 3-4, Sec 27-33). 

Bellovin, McKay and Dickman are analogous art because they are from the art of 
networks. 

At the time of invention, it would have been obvious to a person of ordinary skill 
in the art to allow connections operating at various connection speeds without the 
possibility of collision the ability to reconnect. The rationale would have been to reduce 
network disruptions (McKay: Page 1, Sec 2). 

Prior Art 

11. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. U.S. Patent Application Publication 2001/0042200 by Lamberton 
et al discloses generating Initial Sequence Numbers in such a way as to avoid flooding 
attacks (Lamberton: Fig 6B). 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Michael S. McNally whose telephone number is 
(571)270-1599. The examiner can normally be reached on Monday through Friday 9:00 
- 5:00 EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami can be reached on (571)272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

MSM 

7 February 2008 



/Nasser G Moazzami/ 

Supervisory Patent Examiner, Art Unit 2136 